PowerGen credit card security cock-up
It's a gas gas gas
Utility firm PowerGen has left thousands of its online customers' bank and contact details unprotected.
The company claims 2,500 of its customers were affected by security cock-up but Leicester based IT consultant John Chamberlain, who discovered the hole in PowerGen's online payment system, reckons the figure is almost three times that.
While trying to pay his bill online Chamberlain discovered a file containing the names, addresses, debit and credit card numbers, and expiry dates of an estimated 7,000 PowerGen customers.
Chamberlain told the Leicester Mercury: "It took no special skills. I couldn't believe what I saw. It was basically names, addresses, credit card details, account numbers and so on.
"I thought, 'I wonder if I'm in here', so I clicked the search button and typed in my name and off it went and found my name, address, credit card number, expiry date."
Chamberlain didn't bother paying his bill and plans to hold off parting with the cash until he's confident PowerGen has sorted out its problem.
PowerGen has said it found out late yesterday that it had suffered a breach of security. It is contacting its customers whose data was accessed and passing on information to the police.
Loads of security firms have contacted The Reg to point out all the probable mistakes PowerGen made with its security - badly designed web applications, web connections left open at the firewall, not using tools to expose hacking attempts etc.
You can click here to route around PowerGen's site. ®